It's Software, Not Magic: Navigating the Vulnerability Speed Wave and Shadow AI
🎧 Listen now to The Resilience Room What does a 31-year career at one company look like in cybersecurity? For Lee Stephens, it looks like research, marketing, sales, operations, and consultancy — and never a dull moment. In this episode of The Resilience Room, Lee sat down with host Sam Dickison to cut through the noise on ransomware, the collapsing patch window, Shadow AI, and the looming quantum reckoning. The Retail Ransomware Wake-Up Call Last year's wave of attacks on the UK retail sector made cybersecurity front-page news. For Lee, the most striking thing wasn't the sophistication of the attacks — it was the opposite. "What came home was actually the simplicity of the attacks. Those really fundamental, boring basics are absolutely critical — and involved in so many of the incidents we deal with." While the media spotlight has moved on to AI, the threat landscape hasn't changed nearly as much as the news cycle suggests. The fundamentals remain the same: strong unique passwords, kept systems, tested backups, and a plan for a bad day. As Lee puts it, you don't need to outrun the bear — just don't be the slowest runner. The Vulnerability Speed Wave: Your 90-Day Patch Window Is Gone Here's the stat that should reframe every conversation about patch management: 2021: Average time from CVE disclosure to active exploit — one year 2025: Shrunk to one month 2026: Now at one week and one day 2027 projection: Potentially an hour — or a minute This geometric progression is being driven by AI-assisted vulnerability research on both sides. The traditional 90-day patch window is functionally dead, and some vendors are already moving to fortnightly cycles. Speed is now a security control in its own right. AI in the SOC: Real Benefits, Realistic Limits SOC analyst burnout is real. The volume of alerts, the repetitive triage work — AI-assisted automation has genuine potential to help. But fully autonomous SOCs? Lee remains cautious. "At times AI feels like magic. It's not magic, it's software. And from thirty years ago when I did my computer science degree: garbage in, garbage out." His recommendation: don't chase the ten-times transformation. Chase the ten percent improvement and compound it. Organisations that have tried to automate everything often find they're spending more time maintaining automations than the work would have taken. Shadow AI: The New Shadow IT Problem Most people using unofficial AI tools aren't being malicious — they're trying to get their job done. But the risk is real, especially around feeding confidential data into models without proper data handling agreements. Some of Lee's clients require all data to remain in the UK at all times, which effectively rules out certain major tools that can't guarantee that under peak load. His cautionary scenario: a team uses AI to diagnose an infrastructure problem. The output gets translated for customers, then condensed for a senior exec. Each iteration drifts further from reality — and when the fix doesn't work, multiple conflicting versions of "the truth" are already in circulation. "AI has no conscience, it doesn't care. It's a prediction engine. It's software. Not magic — software." The solution is culture and training as much as technical controls, combined with IT teams designing better corporate solutions so people don't need to go off-piste in the first place. What's Next: Quantum's Y2K Moment Quantum computing has been "just five years away" for decades — but the trend lines are genuinely moving. More qubits, better coherence times, major advances every few months. The security implication is stark: the maths underpinning asymmetric encryption is trivially easy for a quantum computer to solve, which means every piece of encryption on the planet eventually needs replacing. NIST has published post-quantum cryptography standards, and vendors are beginning to implement them. But the migration is a massive undertaking. "It's akin to a Y2K moment where everybody needs to upgrade — for really no benefit at all, just to stay standard. The only disadvantage is we don't know when the moment is." The organisations best placed will be the ones who've already done their cryptographic inventory and know what they'd need to upgrade and in what order. Whether the topic is ransomware, patch windows, AI, or quantum — Lee's message is consistent: there's no silver bullet, no magic. Just fundamentals, applied consistently, with humans staying in the loop. After 31 years, it's the message that keeps working. The Resilience Room is hosted by Sam Dickison. New episodes explore the human and technical realities of cybersecurity with guests from across the industry.Zero-Day Summer: The Mythos Fallout and the Era of Autonomous Attacks
In January, organizations were warned: 2026 would be the year AI transitioned from a script assistant to a sovereign attacker. Midway through the year, that forecast has proven conservative. We have entered an era of autonomous exploitation. The first half of 2026 has been defined by the collapse of the "vulnerability window" and the rise of AI-orchestrated data exfiltration events affecting millions of records in a single afternoon. Coordinated global campaigns are now compromising hundreds of network perimeters in minutes, not weeks, leaving traditional human-led defenses obsolete. As the fallout from the Mythos model preview sends shockwaves through the organization, leaders must move beyond observation to aggressive, evidence-based resilience. Join Immersive’s lead intelligence architects for a clear-eyed look at the state of AI-enabled threats and the evolution of the 2026 threat landscape. We will move past the hype to deliver the actionable intelligence required to defend an enterprise under autonomous assault. What We’ll Confront: The Mythos Aftermath: An analysis of the first "sovereign" discovery model. Understand how tools capable of autonomous zero-day identification have fundamentally broken the traditional patching cycle. Quantum’s SNDL & The Regulatory Timebomb: Why the surge in encrypted data exfiltration, targeting "store now, decrypt later" (SNDL) outcomes, represents an immediate legal and financial risk to the organization. The Rise of the AI-Orchestrated Actor: An uncompromising look at campaigns where human operators have been replaced by AI agents for reconnaissance, lateral movement, and automated ransom negotiations. From Pulse to Proof: The 2026 mid-year roadmap for shifting from manual playbooks to autonomous-ready response through high-fidelity, dynamic exercises.Webinar: Activate Your Secure AI Strategy with Immersive One (In Under 30 Minutes)
AI threats won’t wait. To securely adopt AI, you need a unified front where Engineering innovates, Security defends, and your workforce governs. But using new tools is only half the battle; cyber resilience today requires an AI-ready workforce that can move as fast as the models themselves. Join our expert-led session where you’ll discover (in less than 30 minutes!) how Immersive One supports role-specific enablement, so you can activate safe, rapid, AI innovation and govern adoption. You’ll walk away ready to use Immersive One to: Enforce your AI development lifecycle to satisfy global regulatory and security standards. Secure your AI agents' identities, roles, and outputs, and evaluate their performance to mitigate risk. Build internal AI proficiency to solve the talent bottleneck and keep pace with an ever-evolving threat landscape. Don’t miss this opportunity—Immersive One’s Secure AI capability ensures governance can be a catalyst for secure innovation.New CTI Lab: CVE-2026-23744 (MCPJam RCE): Offensive
On January 16, 2026, advisories were released covering a critical vulnerability in MCPJam Inspector, the local-first development platform for MCP servers. The Latest version, 1.4.2 and earlier, is vulnerable to a remote code execution (RCE) vulnerability, a trivial yet highly impactful vulnerability that allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. What is this about? Model context protocol (MCP) has become more popular as a way to connect applications and services together that use AI, such as connecting tools to your OpenAI account, so the AI can help you work with the tool, perform tasks on your behalf, or work as webhooks between tools. MCPJam is an example of a tool that makes these processes easier and more convenient. Why is this critical for you and your team? As AI adoption across industries and sectors rises, products and services have been released to help people interact with AI pipelines. With MCPJam and tools like it, you can test and develop MCP (model context protocol) servers, emulate deployments, and debug your workflow, making your entire MCP development pipeline much smoother.If you're using any tools like this, where you share you API keys and other sensitive data with the tool, you need to be cognisant of the risks that these tools carry, as many others are vulnerable to basic misconfigurations that can lead to serious impacts. Who is the content for? Penetration Testers Security Analysts Incident Responders Here is a link to the lab: CVE-2026-23744 - MCPJam: Offensive This application has no logging available at all, so no Defensive Variant of this labIt’s Not Magic, It’s Mechanics: Demystifying the OWASP Top 10 for AI
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with Sabrina Kayaci, Cybersecurity Engineer for Immersive One, and Rebecca Schimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability. “When developers hear ‘AI Security,’ they either start to sweat or eye-roll. It either feels like a black box where the old rules don’t apply, or it feels like inflated marketing hype. The truth is, AI vulnerabilities aren't magic; they are mostly just new manifestations of the classic flaws we’ve been fighting for decades. Once you map the new threats to the old patterns, the mystique fades. You realize it’s not magic to fear or hype to ignore—it’s just an engineering problem to solve.” Rebecca: Awesome frame, Sabrina. No matter where you sit on the spectrum—whether you’re anxious about the risks or skeptical of the buzz—AI security doesn't mean starting from zero. Developers should already have the muscle memory for this. Sabrina: Exactly. We aren't asking them to learn a new language; we're asking them to apply their existing fluency to a new dialect. That’s the core philosophy behind our new OWASP Top 10 for LLMs and GenAI collection. We tackle the problem that AI is often treated as a "new and daunting" field. By framing threats like Supply Chain Vulnerabilities or Excessive Agency as variations of known issues, we accelerate the learning curve. We strip away the "AI mysticism" to reveal the underlying mechanical flaw. Rebecca: I love "stripping away the mysticism." Let’s talk about how that works, starting with the big one everyone is concerned about—Prompt Injection. How do you take that from "scary AI jailbreak" to something a grounded engineer can fix? Sabrina: In the media, Prompt Injection is portrayed as this sentient ghost in the machine. In our lab, we treat it as an Input Validation failure. We show that the system is simply confusing "user input" with "system instructions." When a developer sees it through that lens, the eye-roll stops. It’s no longer hype; it’s just mixed context. And they know how to fix mixed context. We show them how to apply that architectural fix to an LLM. Rebecca: That maps perfectly. But looking at the curriculum, I see we go much deeper than just a standard "Top 10" checklist. Why was it important to go beyond the simple definitions? Sabrina: Because a definition tells you what something is, but it doesn't tell you how it impacts you. In the new OWASP LLM collection, we focus on Core Mechanics and Attack Vectors. We deconstruct threats like Data and Model Poisoning or Supply Chain vulnerabilities to show you exactly how they infiltrate a system. It’s the difference between knowing what an engine looks like and knowing how to take it apart. You need to understand the mechanics of the vulnerability to understand the potential impact—otherwise, you're just guessing at the fix. Rebecca: It sounds like we're upgrading their threat modeling software, not just their syntax. Sabrina: Yes, 100%. Look at Excessive Agency. That sounds like a sci-fi plot about a robot takeover. But when you do the lab, you realize it’s just "Broken Access Control" on steroids. It’s about what happens when you give an automated component too much permission to act on your behalf. Once a developer maps "Excessive Agency" to "Least Privilege," they stop worrying about the robot and start locking down the permissions. Rebecca: Is the goal to get them through all ten modules to earn a Badge? Sabrina: The OWASP Top 10 for LLMs Badge is the end state. It proves you have moved past the "sweat or eye-roll" reactive phase. To your manager, it signals you have a proactive, structured understanding of the AI risk landscape and can speak the language of secure AI. There’s no hype in that. Only value-add to you and your team. Final Thought Our OWASP Top 10 for LLMs collection is the antidote to AI security angst. For the developer, it demystifies the threat landscape, proving that their existing security instincts are the key to solving new problems. For the organization, it ensures that your AI strategy is built on a bedrock of engineering reality, rather than a shaky foundation of fear. [Access Collection]Architecting at Speed: Mastering Secure Development with OpenAI Codex
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with BenMcCarthy, Lead Cybersecurity Engineer for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager. Today, we’re continuing the discussion on our Secure AI capability. There is a misconception that security is the enemy of development speed. But with AI, the opposite is true. If you don't have security engineered into your AI workflow, you can't actually go fast—because you’re constantly stopping to fix 'trash code' or patch vulnerabilities. The developers who win in this era aren't just the ones coding faster; they are the ones architecting systems that are secure by design, even at AI speeds.” Rebecca: That’s a crucial distinction, Ben. We often hear that AI is a "firehose" of productivity, but without control, that firehose just creates a mess. It seems like the role of the developer is shifting from "writing lines" to managing this high-velocity output. How does the new Building with AI: Codex CLI collection help them make that shift? Ben: By giving them the controls they need to harness that speed safely. If you let OpenAI’s Codex run without guardrails or understanding, you get velocity, sure—but you also get risk. We designed this collection to empower developers to become their own Security Architects for their workflows. We are leveraging the Azure AI Foundry capability to give learners real, secure access to these models. The goal isn't to teach you how to hit "Tab" to autocomplete; it's to teach you how to rigorously evaluate, guide, and constrain what the AI produces using the command line tool like Codex so you can ship code that is both fast and bulletproof. Rebecca: So it’s about elevating the human’s role to "Architect." Let’s talk specifics given what the collection covers—how did you instill that mindset? Ben: We start by ensuring developers know the power of what you can do with Codex. How to get the best out of your models in this CLI tool. We go over effective prompt engineering, tool usage, and how AI can help with "Greenfield" projects (net-new builds) and "Brownfield" projects (legacy codebases). This is a critical skill for a lead engineer. AI is great at generating new code (greenfield), but it can be dangerous when it doesn't understand the hidden dependencies of a ten-year-old application (brownfield). We teach engineers how to spot those context gaps, key stuff that the AI might miss. Rebecca: I saw "specification-driven development" was a big part of your roadmap, too. How does that fit into the "speed" theme? Ben: This is the ultimate accelerator. Instead of writing the code line-by-line, you write the "spec"—the blueprint—and let Codex handle the implementation details. It’s not about doing less work; it’s about doing higher-leverage work. You define the logic and security constraints, and the AI handles the boilerplate. It shifts the developer’s brain from "how do I type this function?" to "what should this system actually do?" Rebecca: That sounds like a powerful approach, Ben. But what about the security risks? If developers are offloading implementation to Codex, how do they avoid leaking data or introducing bugs? Ben: That’s non-negotiable. In the Guardrails lab, we show learners how to build a safety net. We teach practical methods for stripping PII (Personally Identifiable Information) and using hooks to sanitize inputs before they reach the model. It gives developers the confidence to use these tools freely, knowing they have already engineered the safety mechanisms to protect their org. Rebecca: I saw a lab in the collection called "Tools and MCP" (Model Context Protocol). Is that where you get into advanced workflows? Ben: Exactly. This is where we give developers the keys to become a force multiplier. We show users how to connect Codex to other tools. This is the ideal definition of ROI for developers. You’re automating the tedious "check your work" phase, allowing you to ship secure code faster without burning out on manual review. Rebecca: It feels like that approach accepts today’s AI era realities for what they are and finds the strategic advantages… pushing developers towards productivity and security gains with real mastery. And just like the Claude collection, users have access to a Demonstrate Lab, to prove that mastery, am I right? Ben: Absolutely. The Demonstrate Lab challenges users to build a solution that’s efficient, functional, and secure. It proves that you aren't just an "AI user"—you are an AI Engineer who understands the capabilities the collection covers. Final Thought Our Building with AI: Codex collection is about upgrading the developer’s toolkit. For the organization, it ensures AI adoption is secure and scalable. For the engineer, it removes the drudgery of boilerplate, freeing you to focus on the creative, architectural challenges that drive real value. Ready to upgrade your workflow? [Access Collection]Beyond the Chat Window: How to Securely Vibe Code with Anthropic’s Claude
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with RobertKlentzeris, Application Security Content Engineer for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager. Today, we’re deep diving into one facet of our Secure AI capability. “We are seeing a shift from ‘chatting with AI’ to ‘inviting AI into the terminal.’ With the release of tools like Claude Code, developers aren't just copying and pasting snippets from a browser anymore. They are letting an agent live directly in their CLI, giving it permission to read file specs, run commands, and architect entire features. It’s a massive leap in capability—but also in trust.” Rebecca: That is the big shift we’re hearing about, Rob. The market is obsessed with the idea of "vibe coding" right now—just describing what you want and letting the AI handle the implementation details. But for a security leader, the idea of an AI agent having direct access to the CLI (Command Line Interface) sounds terrifying. It feels less like a helper and more like handing a stranger your SSH keys. Rob: That is exactly what makes Claude Code different from your standard autocomplete tools. You aren't just getting code suggestions; you are interacting with an agent that has tooling capabilities—like using MCP (Model Context Protocol) or running slash commands. If you don't know what you're doing, you might accidentally let the agent produce insecure code or mishandle PII in a way that’s harder to spot than a simple copy-paste error. This new collection is about bridging that gap: how do we embrace the speed of vibe coding without sacrificing the security of our platform? Rebecca: So it’s about safe integration. Let’s get into the weeds—what does the "safe" version of this look like in the actual Immersive One labs you created? Rob: We start by defining common patterns used in AI coding agents such as manual prompts and how you can write them so Claude generates secure code. We then go a little deeper and explore how you can let your agents start coding securely with more autonomy and less intervention while staying secure with spec-driven development. From there, we move to the components of Claude Code and show how to leverage these advanced features, such as custom slash commands and skills that can enhance the security of both large legacy and greenfield projects. Rebecca: I noticed your roadmap included a focus on "Guardrails" and "Claude Agents." Is this where we stop "trash code" from hitting production? Rob: Exactly. This is unique to the agentic workflow. In the Claude Agents lab, we teach users how to set up a "Reviewer Agent" that audits the code generated by the first agent. We also have a dedicated lab on Guardrails, focusing on stripping PII (Personally Identifiable Information) before Claude ever sees the data. It’s about ensuring that even if the AI is "vibing," the security protocols remain rigid. Rebecca: That sounds incredible for the security team, but what about the developer? If I’m used to just doing my thing, head down to deliver on time, won’t specification-driven development cramp my style? Rob: Fun fact: It actually makes you faster. Think of the 'spec' as the prompt that saves you ten revisions. At Immersive, we focus heavily on ROI and removing pain for users. In this case, we show developers how to use slash commands and hooks to automate the boring stuff. When you learn to use these tools properly, you stop wrestling with the AI and start conducting it. And because these labs are hands-on with real Claude Code access in a secure sandbox, you can experiment with these powerful agents without worrying about breaking your own local environment. Your manager will love that too. Rebecca: Ha! You’re right. It sounds like we’re giving users a safe place to crash-test the car before they drive it. And I see you wrap it all up with a "Demonstrate" lab? Rob: We do. We want to prove competence. The Demonstrate Lab is a capstone where you have to combine everything—usage, security, and productivity. You have to prove you know how to use Claude Code to build something functional and secure. It validates that you aren't just generating code; you're engineering with it. Final Thought Our Building with AI: Claude Code collection isn't just another coding tutorial. It is a blueprint for the agentic future of development. For you the developer, it turns Claude from a vibe code buddy into a fully integrated, secure pair programmer. For your organization, it transforms a potential security risk into a governed, high-speed workflow. Want to get started? [Access Collection]From Design to Deployment - Securing AI Architectures
With AI agents and LLMs moving into production, a new attack surface has emerged that demands more than just prompt filtering. True AI security requires a deep understanding of the entire ecosystem, including foundational models, the supply chain for third-party components, vector databases, and the agentic frameworks that grant them functionality. Hear from Immersive Principal Security Engineer, Ashley Kingscote and Principal Application Security SME, Chris Wood, for a technical breakdown of modern AI architecture and a practical, engineering-first guide to mitigating these complex threats. You'll hear about: Deconstructing the AI System: Move beyond high-level concepts and see a practical breakdown of AI application architecture, including the roles of Large Language Models (LLMs), Retrieval Augmented Generation (RAG), and Model Context Protocol (MCP). The OWASP Top 10 for LLMs: Dive deep into the OWASP Top 10 for LLMs, exploring critical risks like Prompt Injection, Data Poisoning, Excessive Agency, and Supply Chain Vulnerabilities with developer-focused analogies and examples. The Lethal Trifecta: Understand the dangerous intersection of AI systems having access to private data, the ability to communicate externally, and exposure to untrusted content—and why securing this trifecta is paramount. A Lifecycle Approach to Defense: Learn how to embed security throughout the entire AI development lifecycle, from secure design and threat modeling to robust deployment and operational monitoring in cloud environments.Boosting Cyber Readiness Together: Introducing The New AI In-Lab Assistant
We’re passionate about creating an empowering, collaborative learning environment. That’s why we’re excited to introduce the AI In-Lab Assistant – an intelligent chatbot right inside your lab environment. We want you to solve challenges independently. The new AI assistant is designed to provide hints and tips on a lab, offering guidance without giving away the answer. The aim is to enhance your learning experience, ensuring you're always ready for what’s next. 🔎 Finding your on-demand learning companion Getting started is simple. Open a lab, and you’ll see a sparkle icon in the top right corner of your screen. Clicking this sparkle icon opens the chatbot interface. If the window obstructs your view, you can reposition the chatbot by dragging its top bar. If you need to hide it, click the cross in the top right of the pop-up window or the sparkle icon again. 🔬 How can the assistant help me? We specifically designed this chatbot to help with lab-related queries and tasks inside the lab environment. You can ask it to summarize the lab briefing, help you understand key concepts (such as "what is a SIEM?"), or assist with specific questions (for instance, "I need help with Task 3!"). The chatbot will give you hints and tips without giving you the exact answer. For example, if you're tackling enumeration, it might suggest commands like nmap, netstat, or cat. If you're working on privilege escalation, it may encourage you to think about commands like sudo, su, or to look for SUID binaries. Our sophisticated technology takes snapshots of practical and cloud labs, capturing the necessary context to understand activities on the virtual machine or the command line interface. ✅ Key boundaries and quick tips We want you to get the most out of the new AI In-Lab Assistant. It keeps to the following main points: It won’t give away the answer: We intentionally designed the chatbot to encourage independent completions, not to directly give you the answer. If you ask outright for the answer to a question, it’ll provide hints for you to figure it out yourself. It only applies to lab content: While you can input any query, the chatbot can only answer questions related to the lab you’re currently in. If you ask a non-lab-related question, such as "how’s the weather today in Bristol?", it’ll tell you it doesn’t have access to real-time data. Instead, it’ll encourage you to ask a question about the lab. History isn’t retained: To start a new chat, click the plus icon next to the New chat button in the top left of the chatbot window. This will clear the current history. Note that you’ll lose your conversation history when you exit a lab or start a new one. The chatbot can only retain seven questions before forgetting them. Exclusions: The AI In-Lab Assistant is available in most labs, but isn’t available in custom labs, adaptive assessments, or any demonstrate labs. 🔐 Data security and feedback you can trust We want to be upfront about our technology and security because we value authenticity. Our AI service was built using OpenAI. We prioritize your data security, so we only store your account UUID in the AI service database. We don’t store any other personally identifiable information (PII) except what you explicitly input as queries, which OpenAI will also receive. Crucially, we don’t ingest any custom content labs into our AI service, and the service doesn’t have access to any customer data. We rely on your input to keep improving! You can provide feedback on every response using the thumb-up or thumb-down icons found directly underneath the chatbot’s reply. We monitor this feedback to improve the AI In-Lab Assistant over time. 💁🏻♀️ And don’t forget… If you’d prefer to speak to real humans for hints and tips on your favorite labs, head to the Community and navigate to the Help Forum. If you aren’t satisfied with the AI In-Lab Assistant’s responses or have technical issues with the feature, reach out to Customer Support via the Help Center.How to Build a People-Centric Defense for AI-Driven Attacks
Webinar recorded on 15th October 2025 The headlines are screaming about AI. But beyond the hype of rogue models and autonomous attacks, a more immediate threat is taking shape. AI isn't replacing the human attacker; it's amplifying them, making existing threats more targeted, scalable, and relentless than ever before. At Immersive, our frontline research team, Container 7, sees this evolution firsthand, and their mission is to uncover the real-world techniques threat actors are using today. From Scattered Spider’s sophisticated social engineering to convincing deepfakes, staying one step ahead has never been more critical. Join our experts as they share candid insights and unique discoveries, like an AI LLM bypass, to provide a practical understanding of how to prepare your people and organization for what’s next. You'll hear about: The Amplification Effect: Explore how AI is supercharging traditional attack techniques, from hyper-realistic social engineering to more strategic, data-driven secondary attacks. Threat Actor Spotlight: Dive into real-world examples from threat groups like Scattered Spider, how their tactics are evolving, and how to prepare your teams to defend against them. The Complacency Crisis: Discuss the emerging risk of complacency among technical teams as they rely more on AI, and why human vigilance is more critical than ever. A New Approach to Readiness: Learn why combining deep AI knowledge with human expertise is the only way to stay ahead. You’ll come away with expert tips on how to build a proactive defense.
